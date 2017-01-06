Ransomware took in $1 billion in 2016--improved defenses may not be enough to stem the tide

Increased user awareness of phishing threats, better antivirus technology, more industry-wide information sharing and cross-border efforts by law enforcement authorities will combine to turn the tide against ransomware this year, according to some security experts, but others expect the attacks to continue to increase.

According to a security expert who requested anonymity, ransomware cybercriminals took in about $1 billion last year, based on money coming into ransomware-related Bitcoin wallets.

That includes more than $50 million each for three wallets associated with the Locky ransomware, and a fourth one that processed close to $70 million. Cryptowall brought in close to $100 million before it was shut down this year. CryptXXX gathered in $73 million during the second half of 2016, and Cerber took in $54 million, the expert said.

Smaller ransomware families brought in another $150 million, and the FBI has reported $209 million in ransomware payments during the first three months of 2016. In addition to this $800 million or so in known payments, there are many other Bitcoin wallets that are unknown to researchers and uncounted, pushing the estimated total to $1 billion for all of 2016.

"The $1 billion number isn't at all unreasonable and might even be low," confirmed Mark Nunnikhoven, vice president of cloud research at Trend Micro.

"It's getting difficult to track the amount of money flowing into criminals' Bitcoin wallets because they've started to try and hide the transactions across a large number of wallets," he added.

He said that there was a 400 percent increase in ransomware variants last year, and he expects to see a 25 percent growth in ransomware families in 2016.

"What we're seeing is a bit of a maturation in how to execute these attacks, so we're expecting a leveling off to a more realistic growth curve," he said.

But criminals will continue innovating because of how profitable ransomware is.

"I don't think we'll see the 100 percent growth that we saw from 2015 to 2016," said Allan Liska, intelligence analyst at Recorded Future. "I think we'll probably see a 50 percent growth."

The markets for stolen medical records, credit card numbers and email addresses are collapsing, he said.

"Not only is it taking a while to get paid, but they're not getting paid as much as they used to," he said.

Meanwhile, ransomware is an easy business to get into, the payout is immediate, and it offers an ongoing revenue stream.

"There's no incentive for them to discontinue ransomware," he said.

Some experts expect growth to be even higher.

Successful ransomware attacks will double this year, predicted Tom Bain, vice president at CounterTack.

